WHAT IS CLAIMED IS: 



1. A packet communications apparatus to be used in 
a network system wherein user terminals that can be linked 
ia a network to said apparatus send/receive packets to/from 

i server for authentication and a file server connected via 
a network to said apparatus, comprising; 

a plurality of network interfaces; 

a learned address table containing information for 
:L ventifying one of said network interfaces through which to 
j; md a packet; 

a packet forwarding unit that selects a port through 
v lich to forward a packet by referring to said learned 
i. idress table, according to the state of said network 
interfaces, and forwards or discards a packet sent from the 
user terminal, addressed to the server for 
eithentication/file server and vice versa; 

a processor for directive packets to change state 
t) at receives a directive packet to change state, the packet 
ht-Lding a directive to change the state of a specific network 

ii terface to one of the connected state, disconnected state 
ani stateless, via said packet forwarding unit from the 
server for authentication; and 

state managers, each installed in each network 
interface and each that receives a directive packet to 



change state from said processor for directive packets to 
change state and changes the state of the network interface 
to one of the connected state, disconnected state and 
stateless, according to the directive packet to change 
state . 

2. The packet communications apparatus according 
t:> claim 1, wherein: 

said network system further includes a server for 
address assignment that dynamically leases an address to a 
user terminal linked to it via a network or networks and a 
router ; 

said apparatus further includes a filtering table 
in which the source address of a packet it received is 
regis tered, - 

said processor for directive packets to change 
a .ate, upon receiving a directive packet to change state 
t iat directs it to register a specific address registered 
i i said filtering table into said learned address table, 
r ijisters the specific address into the learned address 
table; and 

said apparatus unconditionally forwards a packet 
whose destination address is registered in the learned 
ardress table and forwards a packet whose destination 
ac'dress is registered in said filtering table, but not 
re gistered in the learned address table, provided the source 



address of the packet is the router or the server for 
authentication. 

3 . The packet communications apparatus according 
to claim 1, wherein: 

each of said network interfaces further includes a 
link down detector that finds whether a network link 
terminated to the interface is now workable ; 

each of said state managers, when said line down 
detector detect a link-down, changes the state of the 
network interface in which the link-down has now been 
detected to the disconnected state; 

each of said state managers, when a user terminal 
; user-authenticated by said server for authentication, 
c ianges the state of the network interface to which the user 
t rminal is linked to the connected state; and 

said packet forwarding unit, upon receiving a 
packet through a network interface set in the disconnected 
state, does not forward the packet to a network interface 
sot in the disconnected or connected state, but forwards the 
FJ cket to only a specific network interface, and upon 
r; ceiving a packet through a network interface set in the 
connected state, does not forward the packet to a network 
xl terface set in the disconnected state. 

4. A packet communications apparatus to be used in 
a network system wherein user terminals that can be linked 
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,!- ia a network to said apparatus send/receive packets to/from 
i server for authentication and a file server connected via 
a network to said apparatus, comprising: 

physical interfaces, each making the connection to 
t network; 

a packet forwarding unit that selects a port through 
which to forward a packet,- 

filtering units that perforin packet filtering, each 
located between each of said physical interfaces and the 
;: :cket forwarding unit and comprising a filtering table 
containing information for forwarding or discarding a 
picket and a packet processor that discards a packet or 
t tansf ers a packet to said packet forwarding unit, according 
to the contents of said filtering table; and 

a processor for directives to change filtering that 
transfers a directive to change filtering from said server 
f >r authentication to the appropriate one of said filtering 
ur.its, changes the information in the filtering table 
initially set to discard all received packets, according to 
the directive from said server for authentication, and 
sequentially adds information for forwarding such packets 
to said file server that include the address of a user 
terminal that has now been user-authenticated by said server 
for authentication as the source address to said filtering 
t^ble. 
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5. A packet communications apparatus to be used in 
5 network system wherein user terminals that can be linked 
via a network to said apparatus send/receive packets to/from 
a server for authentication and a file server connected via 
a network to said apparatus, comprising: 

network interfaces for sending/receiving packets 
to/from the user terminals, the server for authentication 
and the file server; 

an IP address registration table in which the 
I-. Idresses of the user terminals user - authenticated by the 
server for authentication are registered; and 

a packet forwarding unit that forwards a packet 
whose source address matches an address registered in said 
I address registration table and encapsulates a packet 
*>] ose source address is not registered in the IP address 
registration table and then sends the encapsulated packet 
c: a specific address. 



